{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T19:25:11Z","timestamp":1757618711416,"version":"3.44.0"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031976223"},{"type":"electronic","value":"9783031976230"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97623-0_8","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:20:59Z","timestamp":1752139259000},"page":"124-146","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["An Empirical Study of\u00a0Multi-language Security Patches in\u00a0Open Source Software"],"prefix":"10.1007","author":[{"given":"Shiyu","family":"Sun","sequence":"first","affiliation":[]},{"given":"Yunlong","family":"Xing","sequence":"additional","affiliation":[]},{"given":"Grant","family":"Zou","sequence":"additional","affiliation":[]},{"given":"Xinda","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Kun","family":"Sun","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"8_CR1","unstructured":"CNAs (2024). https:\/\/www.cve.org\/ProgramOrganization\/CNAs"},{"key":"8_CR2","unstructured":"CVE (2024). https:\/\/cve.mitre.org\/index.html"},{"key":"8_CR3","unstructured":"CVSS_v3 (2024). https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\/v3-calculator"},{"key":"8_CR4","unstructured":"CWE (2024). https:\/\/cwe.mitre.org\/"},{"key":"8_CR5","unstructured":"GitHub commits language count (2025). https:\/\/api.github.com\/search\/commits?q=language:language combination"},{"key":"8_CR6","unstructured":"GitHub repositories language count (2025). https:\/\/api.github.com\/search\/repositories?q=language:language combination"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Abidi, M., Grichi, M., Khomh, F., Gu\u00e9h\u00e9neuc, Y.G.: Code smells for multi-language systems. In: Proceedings of the 24th European Conference on Pattern Languages of Programs, pp. 1\u201313 (2019)","DOI":"10.1145\/3361149.3361161"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Bandara, V., et al.: Fix that fix commit: a real-world remediation analysis of Javascript projects. In: 2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM). IEEE (2020)","DOI":"10.1109\/SCAM51674.2020.00027"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Bhandari, G., Naseer, A., Moonen, L.: CVEfixes: automated collection of vulnerabilities and their fixes from open-source software. In: Proceedings of the 17th International Conference on Predictive Models and Data Analytics in Software Engineering, pp. 30\u201339 (2021)","DOI":"10.1145\/3475960.3475985"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Buro, S., Crole, R., Mastroeni, I.: On multi-language abstraction: towards a static analysis of multi-language programs. Formal Methods Syst. Des. (2023)","DOI":"10.1007\/s10703-022-00405-8"},{"key":"8_CR11","unstructured":"Cass, S.: The top programming languages 2024, August 2024. https:\/\/spectrum.ieee.org\/top-programming-languages-2024"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Chakraborty, P., Alfadel, M., Nagappan, M.: BLAZE: cross-language and cross-project bug localization via dynamic chunking and hard example learning. arXiv preprint arXiv:2407.17631 (2024)","DOI":"10.1109\/TSE.2025.3579574"},{"key":"8_CR13","doi-asserted-by":"crossref","unstructured":"Chen, Y., Ding, Z., Chen, X., Wagner, D.: DiverseVul: a new vulnerable source code dataset for deep learning based vulnerability detection. arXiv preprint arXiv:2304.00409 (2023)","DOI":"10.1145\/3607199.3607242"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Fan, J., Li, Y., Wang, S., Nguyen, T.N.: AC\/C++ code vulnerability dataset with code changes and CVE summaries. In: Proceedings of the 17th International Conference on Mining Software Repositories, pp. 508\u2013512 (2020)","DOI":"10.1145\/3379597.3387501"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Figueiredo, A., Lide, T., Correia, M.: Multi-language web vulnerability detection. In: 2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 153\u2013154. IEEE (2020)","DOI":"10.1109\/ISSREW51248.2020.00058"},{"issue":"14","key":"8_CR16","doi-asserted-by":"publisher","first-page":"3067","DOI":"10.3390\/electronics12143067","volume":"12","author":"T Lei","year":"2023","unstructured":"Lei, T., Xue, J., Wang, Y., Liu, Z.: IRC-CLVul: cross-programming-language vulnerability detection with intermediate representations and combined features. Electronics 12(14), 3067 (2023)","journal-title":"Electronics"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Li, W., Li, L., Cai, H.: On the vulnerability proneness of multilingual code. In: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 847\u2013859 (2022)","DOI":"10.1145\/3540250.3549173"},{"key":"8_CR18","doi-asserted-by":"crossref","unstructured":"Li, W., Li, L., Cai, H.: PolyFax: a toolkit for characterizing multi-language software. In: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1662\u20131666 (2022)","DOI":"10.1145\/3540250.3558925"},{"issue":"3","key":"8_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3632745","volume":"33","author":"W Li","year":"2024","unstructured":"Li, W., Marino, A., Yang, H., Meng, N., Li, L., Cai, H.: How are multilingual systems constructed: characterizing language use and selection in open-source multilingual software. ACM Trans. Softw. Eng. Methodol. 33(3), 1\u201346 (2024)","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Li, W., Meng, N., Li, L., Cai, H.: Understanding language selection in multi-language software projects on GitHub. In: 2021 IEEE\/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), pp. 256\u2013257. IEEE (2021)","DOI":"10.1109\/ICSE-Companion52605.2021.00119"},{"key":"8_CR21","unstructured":"Li, W., Ming, J., Luo, X., Cai, H.: PolyCruise: a cross-language dynamic information flow analysis. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 2513\u20132530 (2022)"},{"key":"8_CR22","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2024.107524","volume":"175","author":"Z Li","year":"2024","unstructured":"Li, Z., Ji, J., Liang, P., Mo, R., Liu, H.: An exploratory study on just-in-time multi-programming-language bug prediction. Inf. Softw. Technol. 175, 107524 (2024)","journal-title":"Inf. Softw. Technol."},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Li, Z., Wang, W., Wang, S., Liang, P., Mo, R.: Understanding resolution of multi-language bugs: an empirical study on apache projects. In: 2023 ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), pp. 1\u201311. IEEE (2023)","DOI":"10.1109\/ESEM56168.2023.10304793"},{"issue":"2","key":"8_CR24","first-page":"3","volume":"1","author":"T Malone","year":"2014","unstructured":"Malone, T.: Interoperability in programming languages. Sch. Horiz. Univ. Minn. Morris Undergraduate J. 1(2), 3 (2014)","journal-title":"Sch. Horiz. Univ. Minn. Morris Undergraduate J."},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"Mayer, P., Bauer, A.: An empirical analysis of the utilization of multiple programming languages in open source projects. In: Proceedings of the 19th International Conference on Evaluation and Assessment in Software Engineering, pp. 1\u201310 (2015)","DOI":"10.1145\/2745802.2745805"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Mushtaq, Z., Rasool, G.: Multilingual source code analysis: state of the art and challenges. In: 2015 International Conference on Open Source Systems & Technologies (ICOSST), pp. 170\u2013175. IEEE (2015)","DOI":"10.1109\/ICOSST.2015.7396422"},{"key":"8_CR27","doi-asserted-by":"crossref","unstructured":"Negrini, L.: A generic framework for multilanguage analysis (2023)","DOI":"10.1007\/978-981-19-9601-6_2"},{"key":"8_CR28","doi-asserted-by":"crossref","unstructured":"Nikitopoulos, G., Dritsa, K., Louridas, P., Mitropoulos, D.: CrossVul: a cross-language vulnerability dataset with commit data. In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1565\u20131569 (2021)","DOI":"10.1145\/3468264.3473122"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Ponta, S.E., Plate, H., Sabetta, A., Bezzi, M., Dangremont, C.: A manually-curated dataset of fixes to vulnerabilities of open-source software. In: 2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR). IEEE (2019)","DOI":"10.1109\/MSR.2019.00064"},{"key":"8_CR30","doi-asserted-by":"crossref","unstructured":"Sun, S., Wang, S., Wang, X., Xing, Y., Zhang, E., Sun, K.: Exploring security commits in python. In: 2023 IEEE International Conference on Software Maintenance and Evolution (ICSME), pp. 171\u2013181. IEEE (2023)","DOI":"10.1109\/ICSME58846.2023.00027"},{"key":"8_CR31","doi-asserted-by":"crossref","unstructured":"Wang, X., Wang, S., Feng, P., Sun, K., Jajodia, S.: PatchDB: a large-scale security patch dataset. In: 2021 51st Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 149\u2013160. IEEE (2021)","DOI":"10.1109\/DSN48987.2021.00030"},{"key":"8_CR32","doi-asserted-by":"crossref","unstructured":"Yang, H., Cai, H.: Dissecting real-world cross-language bugs (2025)","DOI":"10.1145\/3715777"},{"key":"8_CR33","doi-asserted-by":"crossref","unstructured":"Yang, H., Nong, Y., Zhang, T., Luo, X., Cai, H.: Learning to detect and localize multilingual bugs. Proc. ACM Softw. Eng. (FSE) (2024)","DOI":"10.1145\/3660804"},{"key":"8_CR34","doi-asserted-by":"crossref","unstructured":"Zheng, Y., et al.: D2A: a dataset built for AI-based vulnerability detection methods using differential analysis. In: 2021 IEEE\/ACM 43rd International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP) (2021)","DOI":"10.1109\/ICSE-SEIP52600.2021.00020"},{"issue":"1","key":"8_CR35","first-page":"1","volume":"31","author":"Y Zhou","year":"2021","unstructured":"Zhou, Y., Siow, J.K., Wang, C., Liu, S., Liu, Y.: SPI: automated identification of security patches via commits. ACM Trans. Softw. Eng. Methodol. (TOSEM) 31(1), 1\u201327 (2021)","journal-title":"ACM Trans. Softw. Eng. Methodol. (TOSEM)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97623-0_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T04:11:52Z","timestamp":1757218312000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97623-0_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976223","9783031976230"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97623-0_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}